A paper focusing on data privacy in web applications and services, produced by ATMOSPHERE academia experts from University of Campinas (Brazil) and University of Coimbra, was accepted by  Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC). SBRC has become the most important national scientific event in computer networks and distributed systems, and one of the most popular in the computer science field

Data Ownership mirage: are users aware of how their online personal data is being managed?

“How is your personal information managed once you provide a website with it?”. This hot question hits quite a sensitive topic. To use online services (e.g online banking, e-commerce, amongst others), the user must provide personal information. Although, the user cannot control how their data is being used by these web application providers, after providing the requested info.

In fact, to access the service, an alternative option other than accepting the entire Privacy Policy of the web application providers, is not offered to the user. The user must accept the overall Privacy Policy, without expressing their own privacy preferences. Today, a privacy policy solution that allows customisation of the data that the users are willing to provide to the Web application providers does not exist.

Web application providers need to move towards privacy-aware practices to increase the trust of their users and keep a competitive edge over other organizations. This evolution is only possible by adequately using the existing techniques and by developing new approaches that clearly focus on the interest and individuality of the users.

A Roadmap to face the challenges of Data Privacy in Web Applications

The paper lists challenges that web application providers shall focus on, to create a privacy-aware information-technology society. Privacy-aware web environments shall privilege the user’s preferences and future researchers can have a role to support this. In the paper, there is a list of research questions that need to be answered, along with a list of steps to be followed that will lead to answering one or more of the listed questions.

Furthermore, the paper also indicates preliminary solutions for the challenges indicated.

Privacy Policies: a user-centric approach is required

Users have a duty: to understand the importance of protecting their personal data, and their right to it. The ideal scenarios would be to have trustworthiness as a benchmark, where users could assess and compare systems or applications according to specific privacy characteristics, and, additionally select the ones that offer more guarantees in terms of privacy protection.